What will 2012 bring? We can’t know for sure. Recent years have taught us that, when it comes to computer security, one should expect to be surprised. However, it’s equally true that in the realm of computer security, “what’s past is prologue,” as Shakespeare famously wrote. In other words: the events of the past year have helped to set the stage for the big events (and news stories) of 2012. What are those likely to be? Download to learn Threatpost’s predictions of 2012 security trends.
As the year draws to a close, we’ve compiled our list of the Top Security Stories of 2011, presented here in no particular order. These are the issues that shook the world’s markets and kept us awake at night. If there’s a lesson here, it’s that cybersecurity challenges aren’t going away anytime soon. In fact, as we look forward to 2012, about the only thing that could quell the continuing battle to secure technology systems is if the Mayans turn out to be right. And none of us is rooting for that.
Blaring headlines that decry insider attacks against their employers are nothing new. In fact, some of the biggest and most damaging data breaches in recent memory were ultimately linked back to rogue employees of large firms.
You could be forgiven for thinking that malicious insiders were a threat felt mostly by large enterprises. After all, the Threatpost list of Infamous Insiders features no shortage of Fortune 500 firms. But if you assumed that rogue and malicious insiders were an enterprise problem only, you’d be dead wrong. Small businesses, too, are frequent victims of insider attacks and other forms of data theft, and are just as likely to be attacked as large, well-known firms. This Spotlight offers some guidelines that businesses can use to help avoid being a victim.
Security and privacy experts have been warning about the fundamental flaws in the certificate authority system for more than 15 years now, but for the most part those warnings have gone unheeded. The system is set up so that any CA has the ability to issue a certificate for any site on the Web, and users have virtually no visibility into the process and no sense of which CAs are trustworthy. Download this Spotlight to learn more about certificate authority compromises.
If firewalls, antivirus software and intrusion detection tools keep out stealthy attackers, how does a company square off against rogue insiders? That’s a pressing question and one that’s garnering more attention as the number of high-profile insider attacks mounts, and as government and private sector regulators take steps to clamp down on malicious insiders.
To help you understand the insider threat better, Threatpost has put together this Spotlight on insider threat attacks that can help you begin to tailor your protections and policies to stop malicious insiders.
Hackers want your corporate data; it’s valuable to them.
There have been hundreds and hundreds of attacks in the last several years resulting in exposed customer/consumer data and a loss of corporate reputation.
Threatpost’s editors have pulled together this Spotlight feature as a way of informing readers about the extent of the data breach problem, what kinds of organizations attackers are targeting and what tactics the bad guys are using in order to get to the valuable data. Download this Spotlight Series on Data Breaches to understand why your business is a target and how to stay ahead of the cybercriminals and stay secure.
If you have a smart phone, the chances are that you just love the convenience of the thing. When you’re lost, your phone – by now GPS-enabled – can bring up Google Maps or some other program and tell you where you are and how to get where you’re going. In a strange city? Applications like Yelp will tell you about cool restaurants and stores nearby while Facebook and Twitter let you keep in touch with your followers.
Any game of IT Security Boardroom BINGO in the last two years would have to include the terms “advanced,” “persistent” and “threat.” Indeed, advanced persistent threats – or APTs – have been so much in the headlines in the last two years that the term, itself, has expanded from one that was quite specific and limited in scope to a kind of cipher – something that seems quite specific but means nothing and everything at once.
If you love your Google Android phone and keep up with the latest in Android-related news, the chances are that you came across some scary stories recently about a new, malicious program designed to infect them. That program, dubbed DroidDream, was the subject of close coverage on Threatpost.com.
Privacy means different things to different people, but everyone with an interest in the Internet agrees that it’s quickly risen to the top of the list of concerns for consumers, site owners and government regulators.
Sometimes a big news story looks even bigger in retrospect than it does when it’s breaking. We think that’s the case with the Stuxnet worm, a sophisticated piece of malicious code that crawled its way onto the networks of power plant operators and critical infrastructure providers from India to Iran and Germany in 2010. In a series of articles, Threatpost dug deep into the functioning and origins of Stuxnet, as well as the conditions within the critical infrastructure sector that made it so effective.
Unless you’ve been living in a cave, chances are you’ve heard plenty about the sensational leak of hundreds of thousands of pages of sensitive U.S. diplomatic cables by the expose Web site Wikileaks. This series contains a collection of lessons for modern organizations struggling to maintain sensitive data in today’s network environment.
In a recent series of articles, Threatpost has examined some of the challenges facing the IT sector and companies, as attackers focus their attentions on buggy, vulnerable application code on PCs, mobile devices and the Web.
The concept of online privacy has become a sad joke in today’s environment, in which advertisers and software vendors track users’ movement 24/7, silently gather data on their online activities and use it all to sell them more products.
For most of recorded Internet history, Microsoft has had a firm grasp on the title of most targeted software vendor. But that has changed in the last year, as attackers have begun poking a slew of holes in Adobe products.